Edge computing helps organizations meet GDPR compliance

The arrival of the General Data Protection Regulation (GDPR) in May 2018 is the most sweeping and comprehensive European legislation to address the issues of personal data protection and online privacy in more than 20 years. GDPR defines personal data broadly and aims to give consumers control over how their data is stored, transferred, and used by third-parties. According to the McDermott and Ponemon GDPR Survey Results, sixty percent of respondents said that GDPR has “significantly changed their organizations’ workflows for collecting, using, and protecting personal information.”

With so much of today’s personal data being collected and stored in cloud environments, rush to meet GDPR compliance has the potential to hasten the adoption of edge computing. According to MachNation, edge computing is a distributed technology and processing architecture that brings computational and analytics capabilities near the point of data generation. Edge computing enables certain processes to be decentralized and to occur in a more optimal physical location. This creates more secure, reliable, and scalable IoT deployments, while also offering new opportunities for IoT solutions to generate business value. Here are a few use-case examples where edge computing can help enterprises move towards GDPR compliance.


Virtually any data collected about a patient falls within the bounds of GDPR or HIPAA-type regulatory requirements. As healthcare providers adopt IoT solutions to deliver enhanced patient care, a heightened set of security and privacy concerns present new challenges.

Leveraging edge capabilities in medical devices and services allows patient data to remain close to the source, limiting risk of a privacy breach. By restricting the movement and storage of personally identifiable information (PII), users are able to choose when, where, and for how long their data is accessible to third-party applications or their medical provider. This a la carte approach to data management offers end-user options to tailor their devices to individual healthcare needs and keep medical providers securely connected to their patients. These on-device capabilities not only improve the standard of care offered, but empower patients to have greater control over their information and allow service providers to assume less risk.

Smart Home

As the adoption of smart devices at home continues to grow, so do the privacy concerns. Some data from smart home devices falls within the confines of GDPR. Consumer products like Amazon Echo or Google Home must transmit data to and from the cloud to function. For the consumer, this means linking a home to a variety of third-party services, which collect and store potentially vulnerable and sensitive data elsewhere.

Edge computing in the smart home has the potential to give control of personal data back to consumers – one of the primary goals of GDPR. By integrating edge capabilities into their core services, providers of smart home accessories offer users control of the data, whether they transmit it to the cloud or store and process it locally. This has particular implications for the transmission of financial, health, and location data.

Public Utility

Virtually all utility usage data collected from homes falls within the privacy bounds contemplated by GDPR. For example, power companies collect data at both macro and micro levels to monitor electricity usage and encourage reduction in consumption. GDPR non-compliance risks arise during the collection of private usage data.

Edge capabilities help utilities meet privacy requirements by providing localized and secured data streams. By monitoring and analyzing data in a delimited geographical perimeter, rather than aggregating individual consumer metrics, utility providers are able to create more granular analyses of usage patterns while remaining in compliance with GDPR.


GDPR is a landmark legislation that is here to stay, and serves as a blueprint for driving industry advancements towards increased privacy and protection. GDPR has wide-reaching implications around which industries will have to model their internal data privacy and protection playbooks. As IoT solutions continue to permeate throughout the globe, so too will the challenges of keeping sensitive data secure.

Scroll to top